viallog

Privacy

Last updated: May 9, 2026

What viallog is

viallog is a personal lab notebook used by a small, allowlisted group of people to track peptide experiments. It is not a public service and not a medical product. Access is gated by an email allowlist, and the app is reachable only from the United States.

What we collect

When you use viallog, we store:

  • Your email address, so you can sign in and so we can check it against the allowlist.
  • Whatever you choose to enter into the app: compounds, vials, doses, injection sites, metric readings, cycle plans, and any free-text notes you add.
  • Sign-in metadata from Supabase (an authentication session cookie, and Supabase's internal record of which provider you used).
  • A log of rejected sign-in attempts — the email that tried, the time, and the originating IP — so the owner can see if someone is poking at the door.

We do not run analytics, advertising, fingerprinting, or third-party tracking scripts. There is no telemetry beyond what Supabase and Vercel collect at the infrastructure level.

Where it lives

Your data is stored in a Postgres database hosted on Supabase in the us-west-1 region. The app itself runs on Vercel, which serves requests from US edge regions. If you sign in with Google, Google sees the OAuth handshake the way it would for any application.

Supabase, Vercel, and (if you use it) Google are the only third-party subprocessors that touch your data. We do not share, sell, or transfer your data anywhere else.

Cookies

viallog sets a Supabase authentication session cookie so you stay signed in between requests. That is the only cookie we rely on. There are no advertising or analytics cookies.

Deleting or exporting your data

Self-serve export and deletion are not yet built into the app. If you want a copy of your data or want it removed, contact the owner and they will run the deletion or export against the database directly.

Removing you from the allowlist is a one-line change. After that, you can no longer sign in, but any data you previously entered stays in the database until you ask for it to be deleted.

Security

Every user-owned table has Postgres row-level security enabled, in addition to application-layer filtering by user id. Both layers enforce that you only see your own rows. No system is perfect, but this is a defense-in-depth posture rather than relying on a single check.

Not medical advice

viallog is research and logging software. Nothing it stores or displays is medical advice, a diagnosis, or a treatment recommendation. You are responsible for what you log and for any decisions you make based on it.

Changes to this policy

If this policy changes in a meaningful way, the “Last updated” date at the top of this page will change. For a small, allowlisted user base, the owner will also reach out directly when something material changes.

Contact

Questions about any of the above go to the owner of the viallog instance you are using. There is no separate privacy team.